cvelistv5 - CVE-2010-2604

CVE-2010-2604 (GCVE-0-2010-2604)

Vulnerability from cvelistv5 – Published: 2011-01-12 23:00 – Updated: 2024-08-07 02:39

Summary

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2011/0081	vdb-entryx_refsource_VUPEN
	http://www.blackberry.com/btsc/KB25382	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/42882	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1024953	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/45753	vdb-entryx_refsource_BID
	http://osvdb.org/70393	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0081",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.blackberry.com/btsc/KB25382"
          },
          {
            "name": "blackberry-pdf-distiller-bo(64621)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
          },
          {
            "name": "42882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42882"
          },
          {
            "name": "1024953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024953"
          },
          {
            "name": "45753",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45753"
          },
          {
            "name": "70393",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70393"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0081",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.blackberry.com/btsc/KB25382"
        },
        {
          "name": "blackberry-pdf-distiller-bo(64621)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
        },
        {
          "name": "42882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42882"
        },
        {
          "name": "1024953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024953"
        },
        {
          "name": "45753",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45753"
        },
        {
          "name": "70393",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70393"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0081",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0081"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB25382",
              "refsource": "CONFIRM",
              "url": "http://www.blackberry.com/btsc/KB25382"
            },
            {
              "name": "blackberry-pdf-distiller-bo(64621)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
            },
            {
              "name": "42882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42882"
            },
            {
              "name": "1024953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024953"
            },
            {
              "name": "45753",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45753"
            },
            {
              "name": "70393",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70393"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2604",
    "datePublished": "2011-01-12T23:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4BD344A-EE9C-4ECB-8CB1-35146FD6F056\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1694E42-9AA5-4503-9714-CBDE388481A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F378AF-E25B-4D60-AF7E-9E6FB228BF1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"265D8F90-96C3-4627-ABA5-994C25F70A45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5A7A6BD-C0D7-40E0-BE1A-EC4396853296\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E00E895-AEEC-406B-9DC2-D01916BB1CCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EBA5181-F946-4F86-B5DB-07795ACF32D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85752BAD-8110-41B4-BAEF-4C97BFDA046A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377D4536-5EAC-4F0A-94AD-4D326935A142\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"079D4AE1-AA56-4169-8073-E665452A0BF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D861AF4-F293-40D9-BFA9-1EECBDFA8253\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en PDF Distiller en el componente de BlackBerry Attachment Service de Research In Motion (RIM) BlackBerry Enterprise Server v4.1.3 hasta v5.0.2, y Enterprise Server Express v5.0.1 y v5.0.2, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un archivo PDF manipulado.\"}]",
      "id": "CVE-2010-2604",
      "lastModified": "2024-11-21T01:16:59.467",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-01-13T01:00:01.553",
      "references": "[{\"url\": \"http://osvdb.org/70393\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42882\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.blackberry.com/btsc/KB25382\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/45753\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1024953\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0081\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64621\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/70393\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.blackberry.com/btsc/KB25382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/45753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2604\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-01-13T01:00:01.553\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en PDF Distiller en el componente de BlackBerry Attachment Service de Research In Motion (RIM) BlackBerry Enterprise Server v4.1.3 hasta v5.0.2, y Enterprise Server Express v5.0.1 y v5.0.2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PDF manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4BD344A-EE9C-4ECB-8CB1-35146FD6F056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1694E42-9AA5-4503-9714-CBDE388481A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F378AF-E25B-4D60-AF7E-9E6FB228BF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"265D8F90-96C3-4627-ABA5-994C25F70A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A7A6BD-C0D7-40E0-BE1A-EC4396853296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E00E895-AEEC-406B-9DC2-D01916BB1CCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EBA5181-F946-4F86-B5DB-07795ACF32D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85752BAD-8110-41B4-BAEF-4C97BFDA046A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377D4536-5EAC-4F0A-94AD-4D326935A142\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"079D4AE1-AA56-4169-8073-E665452A0BF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D861AF4-F293-40D9-BFA9-1EECBDFA8253\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/70393\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.blackberry.com/btsc/KB25382\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/45753\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024953\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0081\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/70393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.blackberry.com/btsc/KB25382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/45753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-2604

Vulnerability from fkie_nvd - Published: 2011-01-13 01:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/70393
cve@mitre.org	http://secunia.com/advisories/42882	Vendor Advisory
cve@mitre.org	http://www.blackberry.com/btsc/KB25382	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/45753
cve@mitre.org	http://www.securitytracker.com/id?1024953
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0081	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/64621
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70393
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.blackberry.com/btsc/KB25382	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45753
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024953
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0081	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64621

Impacted products

Vendor	Product	Version
rim	blackberry_enterprise_server	4.1.3
rim	blackberry_enterprise_server	4.1.4
rim	blackberry_enterprise_server	4.1.5
rim	blackberry_enterprise_server	4.1.6
rim	blackberry_enterprise_server	4.1.6
rim	blackberry_enterprise_server	4.1.7
rim	blackberry_enterprise_server	5.0.0
rim	blackberry_enterprise_server	5.0.1
rim	blackberry_enterprise_server	5.0.2
rim	blackberry_enterprise_server_express	5.0.1
rim	blackberry_enterprise_server_express	5.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BD344A-EE9C-4ECB-8CB1-35146FD6F056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1694E42-9AA5-4503-9714-CBDE388481A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F378AF-E25B-4D60-AF7E-9E6FB228BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "265D8F90-96C3-4627-ABA5-994C25F70A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A6BD-C0D7-40E0-BE1A-EC4396853296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E00E895-AEEC-406B-9DC2-D01916BB1CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EBA5181-F946-4F86-B5DB-07795ACF32D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85752BAD-8110-41B4-BAEF-4C97BFDA046A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "377D4536-5EAC-4F0A-94AD-4D326935A142",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "079D4AE1-AA56-4169-8073-E665452A0BF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D861AF4-F293-40D9-BFA9-1EECBDFA8253",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en PDF Distiller en el componente de BlackBerry Attachment Service de Research In Motion (RIM) BlackBerry Enterprise Server v4.1.3 hasta v5.0.2, y Enterprise Server Express v5.0.1 y v5.0.2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PDF manipulado."
    }
  ],
  "id": "CVE-2010-2604",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-13T01:00:01.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70393"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.blackberry.com/btsc/KB25382"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45753"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0081"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.blackberry.com/btsc/KB25382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-49VQ-QC87-CHPF

Vulnerability from github – Published: 2022-05-17 02:06 – Updated: 2022-05-17 02:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-13T01:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.",
  "id": "GHSA-49vq-qc87-chpf",
  "modified": "2022-05-17T02:06:43Z",
  "published": "2022-05-17T02:06:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2604"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70393"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42882"
    },
    {
      "type": "WEB",
      "url": "http://www.blackberry.com/btsc/KB25382"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45753"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024953"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0081"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-014

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le composant PDF de BlackBerry Attachment Service permet à une personne malveillante d'exécuter du code arbitraire à distance.

Description

Une erreur non spécifiée par l'éditeur dans la façon dont BlackBerry Attachment Service traite les fichiers PDF rend possible l'exécution de code arbitraire à distance via un fichier PDF spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BlackBerry Professional Software version 4.1.4 pour Microsoft Exchange and IBM Lotus Domino.
Microsoft	N/A	BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 pour Microsoft Exchange ;
N/A	N/A	BlackBerry Enterprise Server versions 4.1.3 à 5.0.1 pour Microsoft Exchange et IBM Lotus Domino ;
N/A	N/A	BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;
Novell	N/A	BlackBerry Enterprise Server versions 4.1.3 à 5.0.1 pour Novell GroupWise ;

References

Title

Publication Time

Tags

Bulletin de sécurité BlackBerry KB25382 du 01 janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BlackBerry Professional Software version 4.1.4 pour Microsoft Exchange and IBM Lotus Domino.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 pour Microsoft Exchange ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.3 \u00e0 5.0.1 pour Microsoft Exchange et IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.3 \u00e0 5.0.1 pour Novell GroupWise ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Novell",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur non sp\u00e9cifi\u00e9e par l\u0027\u00e9diteur dans la fa\u00e7on dont BlackBerry\nAttachment Service traite les fichiers PDF rend possible l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance via un fichier PDF sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2604"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le composant PDF de \u003cspan\nclass=\"textit\"\u003eBlackBerry Attachment Service\u003c/span\u003e permet \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BlackBerry Enterprise Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlackBerry KB25382 du 01 janvier 2011",
      "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB25382#"
    }
  ]
}

CERTA-2011-AVI-014

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le composant PDF de BlackBerry Attachment Service permet à une personne malveillante d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BlackBerry Professional Software version 4.1.4 pour Microsoft Exchange and IBM Lotus Domino.
Microsoft	N/A	BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 pour Microsoft Exchange ;
N/A	N/A	BlackBerry Enterprise Server versions 4.1.3 à 5.0.1 pour Microsoft Exchange et IBM Lotus Domino ;
N/A	N/A	BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;
Novell	N/A	BlackBerry Enterprise Server versions 4.1.3 à 5.0.1 pour Novell GroupWise ;

References

Title

Publication Time

Tags

Bulletin de sécurité BlackBerry KB25382 du 01 janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BlackBerry Professional Software version 4.1.4 pour Microsoft Exchange and IBM Lotus Domino.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 pour Microsoft Exchange ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.3 \u00e0 5.0.1 pour Microsoft Exchange et IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.3 \u00e0 5.0.1 pour Novell GroupWise ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Novell",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur non sp\u00e9cifi\u00e9e par l\u0027\u00e9diteur dans la fa\u00e7on dont BlackBerry\nAttachment Service traite les fichiers PDF rend possible l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance via un fichier PDF sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2604"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le composant PDF de \u003cspan\nclass=\"textit\"\u003eBlackBerry Attachment Service\u003c/span\u003e permet \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BlackBerry Enterprise Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlackBerry KB25382 du 01 janvier 2011",
      "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB25382#"
    }
  ]
}

GSD-2010-2604

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2604

Aliases

CVE-2010-2604

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2604",
    "description": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.",
    "id": "GSD-2010-2604"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2604"
      ],
      "details": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.",
      "id": "GSD-2010-2604",
      "modified": "2023-12-13T01:21:31.957854Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2604",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0081",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0081"
          },
          {
            "name": "http://www.blackberry.com/btsc/KB25382",
            "refsource": "CONFIRM",
            "url": "http://www.blackberry.com/btsc/KB25382"
          },
          {
            "name": "blackberry-pdf-distiller-bo(64621)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
          },
          {
            "name": "42882",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42882"
          },
          {
            "name": "1024953",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024953"
          },
          {
            "name": "45753",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45753"
          },
          {
            "name": "70393",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70393"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:mr4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2604"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42882",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42882"
            },
            {
              "name": "http://www.blackberry.com/btsc/KB25382",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.blackberry.com/btsc/KB25382"
            },
            {
              "name": "45753",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45753"
            },
            {
              "name": "ADV-2011-0081",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0081"
            },
            {
              "name": "1024953",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024953"
            },
            {
              "name": "70393",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70393"
            },
            {
              "name": "blackberry-pdf-distiller-bo(64621)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2011-01-13T01:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2604 (GCVE-0-2010-2604)

FKIE_CVE-2010-2604

GHSA-49VQ-QC87-CHPF

CERTA-2011-AVI-014

Description

Solution

CERTA-2011-AVI-014

Description

Solution

GSD-2010-2604

Tags

Sightings

Nomenclature